A
Alan Silver
Hello,
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication
stuff do it's job, they will be sent to the log in page. Non admin
people shouldn't know that the log in page even exists, so I don't want
to show it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) && (User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error
saying that the object (which I found out meant User) was null. That's
why I added the extra tests in the if statement. The only change I know
of is that Windows prompted me for an update today, something to do with
a security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA
I have some pages that are protected by forms authentication, and am
adding code to the global.asax so that if someone tries to load (say)
/order83.aspx, if they are logged in, it will rewrite the url to
/order.aspx?orderid=83, and if they aren't logged in, it will redirect
them to the default page.
The reason for this is that I don't want people seeing the login page if
they aren't site admin folk. If I just let the normal authentication
stuff do it's job, they will be sent to the log in page. Non admin
people shouldn't know that the log in page even exists, so I don't want
to show it to them.
So what I am doing in global.asax is this ...
void Application_BeginRequest(Object sender , EventArgs e) {
string strPath = Request.Path.ToLower();
if (strPath.StartsWith("/order") {
if ((User != null) && (User.Identity != null) && (User.Identity.IsAuthenticated)) {
// do stuff here to get the order number and rewrite the URL
} else {
Response.Redirect("/");
}
}
}
Obviously this is greatly simplified from what's actually in there, but
this is the important bit.
The problem is that the check for the user being logged in is failing,
even when I am logged in. It seems that User is null, irrespective of
being logged in or not.
The weird thing is that I previously had that line just as...
if (User.Identity.IsAuthenticated) {
and it worked fine. Just today, I started getting a run time error
saying that the object (which I found out meant User) was null. That's
why I added the extra tests in the if statement. The only change I know
of is that Windows prompted me for an update today, something to do with
a security threat in graphics code. I didn't really take to much notice
unfortunately, but I'm pretty sure it was not related to this.
Anyone any ideas? I'm stuck!! TIA